mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity
Detect-It-Easy/db/PE/RADBasic.4.sg
DosX 0da0c7e360 +RAD Basic detection rule
2024-12-16 12:40:29 +03:00

17 lines
No EOL
449 B
JavaScript
Raw Blame History

// Detect It Easy: detection rule file
init("compiler", "RAD Basic");
function detect() {
if (PE.compareEP(PE.is64() ? "48 83 EC" : "E8") && PE.getImportFunctionName(0, 0) === "CloseHandle") {
const rdataSection = PE.section[".rdata"];
if (rdataSection && PE.isSignatureInSectionPresent(rdataSection.Number, "'RADBasic'")) {
bDetected = true;
}
}
_setLang("VB", bDetected);
return result();
}
Reference in a new issue View git blame Copy permalink